2ffe12911e
- setfiles/restorecon: support parallel relabeling with -T <N> option - semodule: add -m | --checksum option
675 lines
23 KiB
Diff
675 lines
23 KiB
Diff
From 4e6165719d3315b6502f3d290a549f9fa14c3238 Mon Sep 17 00:00:00 2001
|
|
From: Petr Lautrbach <plautrba@redhat.com>
|
|
Date: Tue, 16 Nov 2021 14:27:11 +0100
|
|
Subject: [PATCH] semodule: add -m | --checksum option
|
|
|
|
Since cil doesn't store module name and module version in module itself,
|
|
there's no simple way how to compare that installed module is the same
|
|
version as the module which is supposed to be installed. Even though the
|
|
version was not used by semodule itself, it was apparently used by some
|
|
team.
|
|
|
|
With `semodule -l --checksum` users get SHA256 hashes of modules and
|
|
could compare them with their files which is faster than installing
|
|
modules again and again.
|
|
|
|
E.g.
|
|
|
|
# time (
|
|
semodule -l --checksum | grep localmodule
|
|
/usr/libexec/selinux/hll/pp localmodule.pp | sha256sum
|
|
)
|
|
localmodule db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd
|
|
db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd -
|
|
|
|
real 0m0.876s
|
|
user 0m0.849s
|
|
sys 0m0.028s
|
|
|
|
vs
|
|
|
|
# time semodule -i localmodule.pp
|
|
|
|
real 0m6.147s
|
|
user 0m5.800s
|
|
sys 0m0.231s
|
|
|
|
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
Acked-by: James Carter <jwcart2@gmail.com>
|
|
---
|
|
policycoreutils/semodule/Makefile | 2 +-
|
|
policycoreutils/semodule/semodule.8 | 6 +
|
|
policycoreutils/semodule/semodule.c | 95 ++++++++-
|
|
policycoreutils/semodule/sha256.c | 294 ++++++++++++++++++++++++++++
|
|
policycoreutils/semodule/sha256.h | 89 +++++++++
|
|
5 files changed, 480 insertions(+), 6 deletions(-)
|
|
create mode 100644 policycoreutils/semodule/sha256.c
|
|
create mode 100644 policycoreutils/semodule/sha256.h
|
|
|
|
diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
|
|
index 73801e487a76..9875ac383280 100644
|
|
--- a/policycoreutils/semodule/Makefile
|
|
+++ b/policycoreutils/semodule/Makefile
|
|
@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man
|
|
|
|
CFLAGS ?= -Werror -Wall -W
|
|
override LDLIBS += -lsepol -lselinux -lsemanage
|
|
-SEMODULE_OBJS = semodule.o
|
|
+SEMODULE_OBJS = semodule.o sha256.o
|
|
|
|
all: semodule genhomedircon
|
|
|
|
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
|
|
index 18d4f708661c..3a2fb21c2481 100644
|
|
--- a/policycoreutils/semodule/semodule.8
|
|
+++ b/policycoreutils/semodule/semodule.8
|
|
@@ -95,6 +95,9 @@ only modules listed in \-\-extract after this option.
|
|
.B \-H,\-\-hll
|
|
Extract module as an HLL file. This only affects the \-\-extract option and
|
|
only modules listed in \-\-extract after this option.
|
|
+.TP
|
|
+.B \-m,\-\-checksum
|
|
+Add SHA256 checksum of modules to the list output.
|
|
|
|
.SH EXAMPLE
|
|
.nf
|
|
@@ -130,6 +133,9 @@ $ semodule \-B \-S "/tmp/var/lib/selinux"
|
|
# Write the HLL version of puppet and the CIL version of wireshark
|
|
# modules at priority 400 to the current working directory
|
|
$ semodule \-X 400 \-\-hll \-E puppet \-\-cil \-E wireshark
|
|
+# Check whether a module in "localmodule.pp" file is same as installed module "localmodule"
|
|
+$ /usr/libexec/selinux/hll/pp localmodule.pp | sha256sum
|
|
+$ semodule -l -m | grep localmodule
|
|
.fi
|
|
|
|
.SH SEE ALSO
|
|
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
|
index c815f01546b4..ddbf10455abf 100644
|
|
--- a/policycoreutils/semodule/semodule.c
|
|
+++ b/policycoreutils/semodule/semodule.c
|
|
@@ -25,6 +25,8 @@
|
|
#include <sepol/cil/cil.h>
|
|
#include <semanage/modules.h>
|
|
|
|
+#include "sha256.h"
|
|
+
|
|
enum client_modes {
|
|
NO_MODE, INSTALL_M, REMOVE_M, EXTRACT_M, CIL_M, HLL_M,
|
|
LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M
|
|
@@ -57,6 +59,7 @@ static semanage_handle_t *sh = NULL;
|
|
static char *store;
|
|
static char *store_root;
|
|
int extract_cil = 0;
|
|
+static int checksum = 0;
|
|
|
|
extern char *optarg;
|
|
extern int optind;
|
|
@@ -147,6 +150,7 @@ static void usage(char *progname)
|
|
printf(" -S,--store-path use an alternate path for the policy store root\n");
|
|
printf(" -c, --cil extract module as cil. This only affects module extraction.\n");
|
|
printf(" -H, --hll extract module as hll. This only affects module extraction.\n");
|
|
+ printf(" -m, --checksum print module checksum (SHA256).\n");
|
|
}
|
|
|
|
/* Sets the global mode variable to new_mode, but only if no other
|
|
@@ -200,6 +204,7 @@ static void parse_command_line(int argc, char **argv)
|
|
{"disable", required_argument, NULL, 'd'},
|
|
{"path", required_argument, NULL, 'p'},
|
|
{"store-path", required_argument, NULL, 'S'},
|
|
+ {"checksum", 0, NULL, 'm'},
|
|
{NULL, 0, NULL, 0}
|
|
};
|
|
int extract_selected = 0;
|
|
@@ -210,7 +215,7 @@ static void parse_command_line(int argc, char **argv)
|
|
no_reload = 0;
|
|
priority = 400;
|
|
while ((i =
|
|
- getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cH", opts,
|
|
+ getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", opts,
|
|
NULL)) != -1) {
|
|
switch (i) {
|
|
case 'b':
|
|
@@ -287,6 +292,9 @@ static void parse_command_line(int argc, char **argv)
|
|
case 'd':
|
|
set_mode(DISABLE_M, optarg);
|
|
break;
|
|
+ case 'm':
|
|
+ checksum = 1;
|
|
+ break;
|
|
case '?':
|
|
default:{
|
|
usage(argv[0]);
|
|
@@ -338,6 +346,61 @@ static void parse_command_line(int argc, char **argv)
|
|
}
|
|
}
|
|
|
|
+/* Get module checksum */
|
|
+static char *hash_module_data(const char *module_name, const int prio) {
|
|
+ semanage_module_info_t *extract_info = NULL;
|
|
+ semanage_module_key_t *modkey = NULL;
|
|
+ Sha256Context context;
|
|
+ uint8_t sha256_hash[SHA256_HASH_SIZE];
|
|
+ char *sha256_buf = NULL;
|
|
+ void *data;
|
|
+ size_t data_len = 0, i;
|
|
+ int result;
|
|
+
|
|
+ result = semanage_module_key_create(sh, &modkey);
|
|
+ if (result != 0) {
|
|
+ goto cleanup_extract;
|
|
+ }
|
|
+
|
|
+ result = semanage_module_key_set_name(sh, modkey, module_name);
|
|
+ if (result != 0) {
|
|
+ goto cleanup_extract;
|
|
+ }
|
|
+
|
|
+ result = semanage_module_key_set_priority(sh, modkey, prio);
|
|
+ if (result != 0) {
|
|
+ goto cleanup_extract;
|
|
+ }
|
|
+
|
|
+ result = semanage_module_extract(sh, modkey, 1, &data, &data_len,
|
|
+ &extract_info);
|
|
+ if (result != 0) {
|
|
+ goto cleanup_extract;
|
|
+ }
|
|
+
|
|
+ Sha256Initialise(&context);
|
|
+ Sha256Update(&context, data, data_len);
|
|
+
|
|
+ Sha256Finalise(&context, (SHA256_HASH *)sha256_hash);
|
|
+
|
|
+ sha256_buf = calloc(1, SHA256_HASH_SIZE * 2 + 1);
|
|
+
|
|
+ if (sha256_buf == NULL)
|
|
+ goto cleanup_extract;
|
|
+
|
|
+ for (i = 0; i < SHA256_HASH_SIZE; i++) {
|
|
+ sprintf((&sha256_buf[i * 2]), "%02x", sha256_hash[i]);
|
|
+ }
|
|
+ sha256_buf[i * 2] = 0;
|
|
+
|
|
+cleanup_extract:
|
|
+ semanage_module_info_destroy(sh, extract_info);
|
|
+ free(extract_info);
|
|
+ semanage_module_key_destroy(sh, modkey);
|
|
+ free(modkey);
|
|
+ return sha256_buf;
|
|
+}
|
|
+
|
|
int main(int argc, char *argv[])
|
|
{
|
|
int i, commit = 0;
|
|
@@ -546,6 +609,8 @@ cleanup_extract:
|
|
int modinfos_len = 0;
|
|
semanage_module_info_t *m = NULL;
|
|
int j = 0;
|
|
+ char *module_checksum = NULL;
|
|
+ uint16_t pri = 0;
|
|
|
|
if (verbose) {
|
|
printf
|
|
@@ -570,7 +635,18 @@ cleanup_extract:
|
|
result = semanage_module_info_get_name(sh, m, &name);
|
|
if (result != 0) goto cleanup_list;
|
|
|
|
- printf("%s\n", name);
|
|
+ result = semanage_module_info_get_priority(sh, m, &pri);
|
|
+ if (result != 0) goto cleanup_list;
|
|
+
|
|
+ printf("%s", name);
|
|
+ if (checksum) {
|
|
+ module_checksum = hash_module_data(name, pri);
|
|
+ if (module_checksum) {
|
|
+ printf(" %s", module_checksum);
|
|
+ free(module_checksum);
|
|
+ }
|
|
+ }
|
|
+ printf("\n");
|
|
}
|
|
}
|
|
else if (strcmp(mode_arg, "full") == 0) {
|
|
@@ -585,11 +661,12 @@ cleanup_extract:
|
|
}
|
|
|
|
/* calculate column widths */
|
|
- size_t column[4] = { 0, 0, 0, 0 };
|
|
+ size_t column[5] = { 0, 0, 0, 0, 0 };
|
|
|
|
/* fixed width columns */
|
|
column[0] = sizeof("000") - 1;
|
|
column[3] = sizeof("disabled") - 1;
|
|
+ column[4] = 64; /* SHA256_HASH_SIZE * 2 */
|
|
|
|
/* variable width columns */
|
|
const char *tmp = NULL;
|
|
@@ -612,7 +689,6 @@ cleanup_extract:
|
|
|
|
/* print out each module */
|
|
for (j = 0; j < modinfos_len; j++) {
|
|
- uint16_t pri = 0;
|
|
const char *name = NULL;
|
|
int enabled = 0;
|
|
const char *lang_ext = NULL;
|
|
@@ -631,11 +707,20 @@ cleanup_extract:
|
|
result = semanage_module_info_get_lang_ext(sh, m, &lang_ext);
|
|
if (result != 0) goto cleanup_list;
|
|
|
|
- printf("%0*u %-*s %-*s %-*s\n",
|
|
+ printf("%0*u %-*s %-*s %-*s",
|
|
(int)column[0], pri,
|
|
(int)column[1], name,
|
|
(int)column[2], lang_ext,
|
|
(int)column[3], enabled ? "" : "disabled");
|
|
+ if (checksum) {
|
|
+ module_checksum = hash_module_data(name, pri);
|
|
+ if (module_checksum) {
|
|
+ printf(" %-*s", (int)column[4], module_checksum);
|
|
+ free(module_checksum);
|
|
+ }
|
|
+ }
|
|
+ printf("\n");
|
|
+
|
|
}
|
|
}
|
|
else {
|
|
diff --git a/policycoreutils/semodule/sha256.c b/policycoreutils/semodule/sha256.c
|
|
new file mode 100644
|
|
index 000000000000..fe2aeef07f53
|
|
--- /dev/null
|
|
+++ b/policycoreutils/semodule/sha256.c
|
|
@@ -0,0 +1,294 @@
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// WjCryptLib_Sha256
|
|
+//
|
|
+// Implementation of SHA256 hash function.
|
|
+// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
|
+// Modified by WaterJuice retaining Public Domain license.
|
|
+//
|
|
+// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// IMPORTS
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+
|
|
+#include "sha256.h"
|
|
+#include <memory.h>
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// MACROS
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+
|
|
+#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits))))
|
|
+
|
|
+#define MIN(x, y) ( ((x)<(y))?(x):(y) )
|
|
+
|
|
+#define STORE32H(x, y) \
|
|
+ { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \
|
|
+ (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); }
|
|
+
|
|
+#define LOAD32H(x, y) \
|
|
+ { x = ((uint32_t)((y)[0] & 255)<<24) | \
|
|
+ ((uint32_t)((y)[1] & 255)<<16) | \
|
|
+ ((uint32_t)((y)[2] & 255)<<8) | \
|
|
+ ((uint32_t)((y)[3] & 255)); }
|
|
+
|
|
+#define STORE64H(x, y) \
|
|
+ { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \
|
|
+ (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \
|
|
+ (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \
|
|
+ (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); }
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// CONSTANTS
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+
|
|
+// The K array
|
|
+static const uint32_t K[64] = {
|
|
+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
|
|
+ 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
|
|
+ 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
|
|
+ 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
|
|
+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
|
|
+ 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
|
|
+ 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
|
|
+ 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
|
|
+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
|
|
+ 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
|
|
+ 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
|
|
+ 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
|
|
+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
|
|
+};
|
|
+
|
|
+#define BLOCK_SIZE 64
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// INTERNAL FUNCTIONS
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+
|
|
+// Various logical functions
|
|
+#define Ch( x, y, z ) (z ^ (x & (y ^ z)))
|
|
+#define Maj( x, y, z ) (((x | y) & z) | (x & y))
|
|
+#define S( x, n ) ror((x),(n))
|
|
+#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n))
|
|
+#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
|
|
+#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
|
|
+#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
|
|
+#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
|
|
+
|
|
+#define Sha256Round( a, b, c, d, e, f, g, h, i ) \
|
|
+ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
|
|
+ t1 = Sigma0(a) + Maj(a, b, c); \
|
|
+ d += t0; \
|
|
+ h = t0 + t1;
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// TransformFunction
|
|
+//
|
|
+// Compress 512-bits
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+static
|
|
+void
|
|
+ TransformFunction
|
|
+ (
|
|
+ Sha256Context* Context,
|
|
+ uint8_t const* Buffer
|
|
+ )
|
|
+{
|
|
+ uint32_t S[8];
|
|
+ uint32_t W[64];
|
|
+ uint32_t t0;
|
|
+ uint32_t t1;
|
|
+ uint32_t t;
|
|
+ int i;
|
|
+
|
|
+ // Copy state into S
|
|
+ for( i=0; i<8; i++ )
|
|
+ {
|
|
+ S[i] = Context->state[i];
|
|
+ }
|
|
+
|
|
+ // Copy the state into 512-bits into W[0..15]
|
|
+ for( i=0; i<16; i++ )
|
|
+ {
|
|
+ LOAD32H( W[i], Buffer + (4*i) );
|
|
+ }
|
|
+
|
|
+ // Fill W[16..63]
|
|
+ for( i=16; i<64; i++ )
|
|
+ {
|
|
+ W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16];
|
|
+ }
|
|
+
|
|
+ // Compress
|
|
+ for( i=0; i<64; i++ )
|
|
+ {
|
|
+ Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i );
|
|
+ t = S[7];
|
|
+ S[7] = S[6];
|
|
+ S[6] = S[5];
|
|
+ S[5] = S[4];
|
|
+ S[4] = S[3];
|
|
+ S[3] = S[2];
|
|
+ S[2] = S[1];
|
|
+ S[1] = S[0];
|
|
+ S[0] = t;
|
|
+ }
|
|
+
|
|
+ // Feedback
|
|
+ for( i=0; i<8; i++ )
|
|
+ {
|
|
+ Context->state[i] = Context->state[i] + S[i];
|
|
+ }
|
|
+}
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// PUBLIC FUNCTIONS
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// Sha256Initialise
|
|
+//
|
|
+// Initialises a SHA256 Context. Use this to initialise/reset a context.
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+void
|
|
+ Sha256Initialise
|
|
+ (
|
|
+ Sha256Context* Context // [out]
|
|
+ )
|
|
+{
|
|
+ Context->curlen = 0;
|
|
+ Context->length = 0;
|
|
+ Context->state[0] = 0x6A09E667UL;
|
|
+ Context->state[1] = 0xBB67AE85UL;
|
|
+ Context->state[2] = 0x3C6EF372UL;
|
|
+ Context->state[3] = 0xA54FF53AUL;
|
|
+ Context->state[4] = 0x510E527FUL;
|
|
+ Context->state[5] = 0x9B05688CUL;
|
|
+ Context->state[6] = 0x1F83D9ABUL;
|
|
+ Context->state[7] = 0x5BE0CD19UL;
|
|
+}
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// Sha256Update
|
|
+//
|
|
+// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on
|
|
+// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash.
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+void
|
|
+ Sha256Update
|
|
+ (
|
|
+ Sha256Context* Context, // [in out]
|
|
+ void const* Buffer, // [in]
|
|
+ uint32_t BufferSize // [in]
|
|
+ )
|
|
+{
|
|
+ uint32_t n;
|
|
+
|
|
+ if( Context->curlen > sizeof(Context->buf) )
|
|
+ {
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ while( BufferSize > 0 )
|
|
+ {
|
|
+ if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE )
|
|
+ {
|
|
+ TransformFunction( Context, (uint8_t*)Buffer );
|
|
+ Context->length += BLOCK_SIZE * 8;
|
|
+ Buffer = (uint8_t*)Buffer + BLOCK_SIZE;
|
|
+ BufferSize -= BLOCK_SIZE;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) );
|
|
+ memcpy( Context->buf + Context->curlen, Buffer, (size_t)n );
|
|
+ Context->curlen += n;
|
|
+ Buffer = (uint8_t*)Buffer + n;
|
|
+ BufferSize -= n;
|
|
+ if( Context->curlen == BLOCK_SIZE )
|
|
+ {
|
|
+ TransformFunction( Context, Context->buf );
|
|
+ Context->length += 8*BLOCK_SIZE;
|
|
+ Context->curlen = 0;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+}
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// Sha256Finalise
|
|
+//
|
|
+// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After
|
|
+// calling this, Sha256Initialised must be used to reuse the context.
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+void
|
|
+ Sha256Finalise
|
|
+ (
|
|
+ Sha256Context* Context, // [in out]
|
|
+ SHA256_HASH* Digest // [out]
|
|
+ )
|
|
+{
|
|
+ int i;
|
|
+
|
|
+ if( Context->curlen >= sizeof(Context->buf) )
|
|
+ {
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ // Increase the length of the message
|
|
+ Context->length += Context->curlen * 8;
|
|
+
|
|
+ // Append the '1' bit
|
|
+ Context->buf[Context->curlen++] = (uint8_t)0x80;
|
|
+
|
|
+ // if the length is currently above 56 bytes we append zeros
|
|
+ // then compress. Then we can fall back to padding zeros and length
|
|
+ // encoding like normal.
|
|
+ if( Context->curlen > 56 )
|
|
+ {
|
|
+ while( Context->curlen < 64 )
|
|
+ {
|
|
+ Context->buf[Context->curlen++] = (uint8_t)0;
|
|
+ }
|
|
+ TransformFunction(Context, Context->buf);
|
|
+ Context->curlen = 0;
|
|
+ }
|
|
+
|
|
+ // Pad up to 56 bytes of zeroes
|
|
+ while( Context->curlen < 56 )
|
|
+ {
|
|
+ Context->buf[Context->curlen++] = (uint8_t)0;
|
|
+ }
|
|
+
|
|
+ // Store length
|
|
+ STORE64H( Context->length, Context->buf+56 );
|
|
+ TransformFunction( Context, Context->buf );
|
|
+
|
|
+ // Copy output
|
|
+ for( i=0; i<8; i++ )
|
|
+ {
|
|
+ STORE32H( Context->state[i], Digest->bytes+(4*i) );
|
|
+ }
|
|
+}
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// Sha256Calculate
|
|
+//
|
|
+// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the
|
|
+// buffer.
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+void
|
|
+ Sha256Calculate
|
|
+ (
|
|
+ void const* Buffer, // [in]
|
|
+ uint32_t BufferSize, // [in]
|
|
+ SHA256_HASH* Digest // [in]
|
|
+ )
|
|
+{
|
|
+ Sha256Context context;
|
|
+
|
|
+ Sha256Initialise( &context );
|
|
+ Sha256Update( &context, Buffer, BufferSize );
|
|
+ Sha256Finalise( &context, Digest );
|
|
+}
|
|
diff --git a/policycoreutils/semodule/sha256.h b/policycoreutils/semodule/sha256.h
|
|
new file mode 100644
|
|
index 000000000000..406ed869cd82
|
|
--- /dev/null
|
|
+++ b/policycoreutils/semodule/sha256.h
|
|
@@ -0,0 +1,89 @@
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// WjCryptLib_Sha256
|
|
+//
|
|
+// Implementation of SHA256 hash function.
|
|
+// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
|
+// Modified by WaterJuice retaining Public Domain license.
|
|
+//
|
|
+// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+
|
|
+#pragma once
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// IMPORTS
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+
|
|
+#include <stdint.h>
|
|
+#include <stdio.h>
|
|
+
|
|
+typedef struct
|
|
+{
|
|
+ uint64_t length;
|
|
+ uint32_t state[8];
|
|
+ uint32_t curlen;
|
|
+ uint8_t buf[64];
|
|
+} Sha256Context;
|
|
+
|
|
+#define SHA256_HASH_SIZE ( 256 / 8 )
|
|
+
|
|
+typedef struct
|
|
+{
|
|
+ uint8_t bytes [SHA256_HASH_SIZE];
|
|
+} SHA256_HASH;
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// PUBLIC FUNCTIONS
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// Sha256Initialise
|
|
+//
|
|
+// Initialises a SHA256 Context. Use this to initialise/reset a context.
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+void
|
|
+ Sha256Initialise
|
|
+ (
|
|
+ Sha256Context* Context // [out]
|
|
+ );
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// Sha256Update
|
|
+//
|
|
+// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on
|
|
+// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash.
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+void
|
|
+ Sha256Update
|
|
+ (
|
|
+ Sha256Context* Context, // [in out]
|
|
+ void const* Buffer, // [in]
|
|
+ uint32_t BufferSize // [in]
|
|
+ );
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// Sha256Finalise
|
|
+//
|
|
+// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After
|
|
+// calling this, Sha256Initialised must be used to reuse the context.
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+void
|
|
+ Sha256Finalise
|
|
+ (
|
|
+ Sha256Context* Context, // [in out]
|
|
+ SHA256_HASH* Digest // [out]
|
|
+ );
|
|
+
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+// Sha256Calculate
|
|
+//
|
|
+// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the
|
|
+// buffer.
|
|
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
+void
|
|
+ Sha256Calculate
|
|
+ (
|
|
+ void const* Buffer, // [in]
|
|
+ uint32_t BufferSize, // [in]
|
|
+ SHA256_HASH* Digest // [in]
|
|
+ );
|
|
--
|
|
2.33.1
|
|
|